CyberSec.Space Logo
Back to CVE Browser

CVE-2016-5198

Known Exploited (CISA KEV)HIGH
8.8
CVSS Severity Score
EPSS Score69.0230%
EPSS Percentile97.69th
PublishedJan 19, 2017
Last ModifiedApr 21, 2026

Vulnerability Description

V8 in Google Chrome prior to 54.0.2840.90 for Linux, and 54.0.2840.85 for Android, and 54.0.2840.87 for Windows and Mac included incorrect optimisation assumptions, which allowed a remote attacker to perform arbitrary read/write operations, leading to code execution, via a crafted HTML page.

Affected Platforms (CPE)

πŸ“¦
Google

Chrome

< 54.0.2840.90
πŸ“¦
Google

Chrome

< 54.0.2840.85
πŸ“¦
Google

Chrome

< 54.0.2840.87
πŸ’»
Redhat

Enterprise Linux Desktop

= 6.0
πŸ’»
Redhat

Enterprise Linux Server

= 6.0
πŸ’»
Redhat

Enterprise Linux Workstation

= 6.0

References & Advisories

πŸ”— http://rhn.redhat.com/errata/RHSA-2016-2672.html
πŸ”— http://www.securityfocus.com/bid/94079
πŸ”— http://www.securitytracker.com/id/1037224
πŸ”— https://chromereleases.googleblog.com/2016/11/stable-channel-update-for-desktop.html
πŸ”— https://crbug.com/659475
πŸ”— http://rhn.redhat.com/errata/RHSA-2016-2672.html
πŸ”— http://www.securityfocus.com/bid/94079
πŸ”— http://www.securitytracker.com/id/1037224

Related Vulnerabilities

CVE-2004-076410.0

Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, allow remote web sites to hijack the user interface via the "c...

CVE-2009-247110.0

The setTimeout function in Mozilla Firefox before 3.0.12 does not properly preserve object wrapping, which allows remote attackers...

CVE-2021-3397010.0

Buffer Overflow vulnerability in Qihoo 360 Chrome v13.0.2170.0 allows attacker to escalate priveleges.

CVE-2009-266510.0

The nsDocument::SetScriptGlobalObject function in content/base/src/nsDocument.cpp in Mozilla Firefox 3.5.x before 3.5.2, when cert...